aboutsummaryrefslogtreecommitdiffstats
path: root/security/gpgme
diff options
context:
space:
mode:
authorlofi <lofi@FreeBSD.org>2007-03-07 02:14:43 +0800
committerlofi <lofi@FreeBSD.org>2007-03-07 02:14:43 +0800
commit804ae3911f0681d5491eca69f2c88a1a2785e1f9 (patch)
tree4e11c85b8e5545e455fc52f6859ca8145ac68a4b /security/gpgme
parent5441ab8c666daef8f5096a01d54b191f1caf944c (diff)
downloadfreebsd-ports-gnome-804ae3911f0681d5491eca69f2c88a1a2785e1f9.tar.gz
freebsd-ports-gnome-804ae3911f0681d5491eca69f2c88a1a2785e1f9.tar.zst
freebsd-ports-gnome-804ae3911f0681d5491eca69f2c88a1a2785e1f9.zip
Patch for "Multiple Messages Problem in GnuPG and GPGME"
Security: http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
Diffstat (limited to 'security/gpgme')
-rw-r--r--security/gpgme/Makefile2
-rw-r--r--security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch65
2 files changed, 66 insertions, 1 deletions
diff --git a/security/gpgme/Makefile b/security/gpgme/Makefile
index ff96c7947f69..6f674bf4c478 100644
--- a/security/gpgme/Makefile
+++ b/security/gpgme/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gpgme
PORTVERSION= 1.1.3
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gpgme
diff --git a/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch b/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch
new file mode 100644
index 000000000000..b1792efc0c34
--- /dev/null
+++ b/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch
@@ -0,0 +1,65 @@
+Index: gpgme/verify.c
+===================================================================
+--- gpgme/verify.c (revision 1208)
++++ gpgme/verify.c (working copy)
+@@ -40,6 +40,7 @@
+ gpgme_signature_t current_sig;
+ int did_prepare_new_sig;
+ int only_newsig_seen;
++ int plaintext_seen;
+ } *op_data_t;
+
+
+@@ -549,8 +550,11 @@
+ }
+
+
++/* Parse an error status line and if SET_STATUS is true update the
++ result status as appropriate. With SET_STATUS being false, only
++ check for an error. */
+ static gpgme_error_t
+-parse_error (gpgme_signature_t sig, char *args)
++parse_error (gpgme_signature_t sig, char *args, int set_status)
+ {
+ gpgme_error_t err;
+ char *where = strchr (args, ' ');
+@@ -572,7 +576,16 @@
+
+ err = _gpgme_map_gnupg_error (which);
+
+- if (!strcmp (where, "verify.findkey"))
++ if (!strcmp (where, "proc_pkt.plaintext")
++ && gpg_err_code (err) == GPG_ERR_BAD_DATA)
++ {
++ /* This indicates a double plaintext. The only solid way to
++ handle this is by failing the oepration. */
++ return gpg_error (GPG_ERR_BAD_DATA);
++ }
++ else if (!set_status)
++ ;
++ else if (!strcmp (where, "verify.findkey"))
+ sig->status = err;
+ else if (!strcmp (where, "verify.keyusage")
+ && gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE)
+@@ -670,9 +683,9 @@
+
+ case GPGME_STATUS_ERROR:
+ opd->only_newsig_seen = 0;
+- /* The error status is informational, so we don't return an
+- error code if we are not ready to process this status. */
+- return sig ? parse_error (sig, args) : 0;
++ /* Some error stati are informational, so we don't return an
++ error code if we are not ready to process this status. */
++ return parse_error (sig, args, !!sig );
+
+ case GPGME_STATUS_EOF:
+ if (sig && !opd->did_prepare_new_sig)
+@@ -703,6 +716,8 @@
+ break;
+
+ case GPGME_STATUS_PLAINTEXT:
++ if (++opd->plaintext_seen > 1)
++ return gpg_error (GPG_ERR_BAD_DATA);
+ err = _gpgme_parse_plaintext (args, &opd->result.file_name);
+ if (err)
+ return err;